Google on Wednesday delivered a blow to app companies in India and elsewhere, issuing new directives that limit their access to sensitive user information. Access to SMS and call-logs will only be allowed for those apps that rely on such data for their “core functionality”, the Internet giant said in a blog post.
Google said it may provide certain apps access if they re-apply for explicitly for the permissions, are transparent with users, and do not have an alternative way to deliver their service without reviewing SMSes or calls.
“Some Android apps ask for permission to access a user’s phone (including call logs) and SMS data. Going forward, Google Play will limit which apps are allowed to ask for these permissions. Only an app that has been selected as a user’s default app for making calls or text messages will be able to access call logs and SMS, respectively,” Google wrote in a blog post.
Companies have been given 90 days’ time to comply with the directive from Google. The move is part of an update to developer policies of Google Play Store, Google’s marketplace for apps, for which it has been getting flak from rivals such as Apple for having too lax privacy policies.
In the Google ecosystem, all apps are required to seek users’ permission to access personal data and input devices like call logs, SMS, microphone and camera. Certain apps bundle this permission in one— a concern for some users that say app companies do not transparently display permissions sought and what they do with that data.
For some companies getting access to, say, SMS inbox is for convenience – auto fetching OTP in the app when it comes in as SMS – while for others it is crucial to their core service.
“We use sms inbox for user verification and fraud detection,” said Akshay Mehrotra, co-founder and chief executive officer at Early Salary, an online instant loan service. The firm also pulls data from a customer’s SMS inbox, such as their debit and credit card spending via messages from their bank, to build a credit profile in order to give them loans.
Mehrotra says the company had explicitly sought permission from Google to access customer SMSes when it started out. “We have sought feedback from Google and are awaiting their response,” he added.